Core event: SEC's 2026 priorities highlight expanded scrutiny of RIAs' AI use in operations like automated advice, fraud detection, AML, and trading, requiring accurate disclosures, supervisory controls, and alignment with investor strategies; simultaneously, May 2024 Reg S-P amendments enforce written incident response programs to detect, respond, and recover from unauthorized customer information access, with notification within 30 days if needed.[1][2][3][15] Deadlines are December 3, 2025, for RIAs with ≥$1.5B AUM, and June 3, 2026, for smaller ones.[2][10]
Involved parties: Primary agency is the SEC Division of Examinations; targets are RIAs; law firms like Stark & Stark, Shumaker, and Goodwin provide guidance.[1][2][7] No specific companies or individuals named beyond general RIA obligations.
Context and timeline: Priorities stem from rising AI adoption and cyber threats amplifying operational risks, building on prior years' focus; Reg S-P updates modernize 2003 rules into enforceable baselines.[1][2][5][9] Key dates: May 2024 (Reg S-P amendments), November 17, 2025 (priorities release), December 3, 2025 (large RIA deadline), June 3, 2026 (small RIA deadline).[2][5][10]
Newsworthy now: With large RIAs' deadline passed by April 2026 and small RIAs' approaching in ~2 months, plus ongoing 2026 exams integrating AI/cyber priorities, firms face imminent enforcement; headline flags urgency for policy updates amid SEC's cross-cutting risk emphasis.[1][2][3][7][9]